| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/common/csp_validator.h" | 5 #include "extensions/common/csp_validator.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/strings/string_split.h" | 9 #include "base/strings/string_split.h" |
| 10 #include "base/strings/string_tokenizer.h" | 10 #include "base/strings/string_tokenizer.h" |
| 121 int options, | 121 int options, |
| 122 std::vector<std::string>* sane_csp_parts, | 122 std::vector<std::string>* sane_csp_parts, |
| 123 std::vector<InstallWarning>* warnings) { | 123 std::vector<InstallWarning>* warnings) { |
| 124 sane_csp_parts->push_back(directive_name); | 124 sane_csp_parts->push_back(directive_name); |
| 125 while (tokenizer->GetNext()) { | 125 while (tokenizer->GetNext()) { |
| 126 std::string source = tokenizer->token(); | 126 std::string source = tokenizer->token(); |
| 127 base::StringToLowerASCII(&source); | 127 base::StringToLowerASCII(&source); |
| 128 bool is_secure_csp_token = false; | 128 bool is_secure_csp_token = false; |
| 129 | 129 |
| 130 // We might need to relax this whitelist over time. | 130 // We might need to relax this whitelist over time. |
| 131 if (source == "'self'" || | 131 if (source == "'self'" || source == "'none'" || |
| 132 source == "'none'" || | |
| 133 source == "http://127.0.0.1" || | 132 source == "http://127.0.0.1" || |
| 134 LowerCaseEqualsASCII(source, "blob:") || | 133 base::LowerCaseEqualsASCII(source, "blob:") || |
| 135 LowerCaseEqualsASCII(source, "filesystem:") || | 134 base::LowerCaseEqualsASCII(source, "filesystem:") || |
| 136 LowerCaseEqualsASCII(source, "http://localhost") || | 135 base::LowerCaseEqualsASCII(source, "http://localhost") || |
| 137 StartsWithASCII(source, "http://127.0.0.1:", true) || | 136 StartsWithASCII(source, "http://127.0.0.1:", true) || |
| 138 StartsWithASCII(source, "http://localhost:", true) || | 137 StartsWithASCII(source, "http://localhost:", true) || |
| 139 isNonWildcardTLD(source, "https://", true) || | 138 isNonWildcardTLD(source, "https://", true) || |
| 140 isNonWildcardTLD(source, "chrome://", false) || | 139 isNonWildcardTLD(source, "chrome://", false) || |
| 141 isNonWildcardTLD(source, | 140 isNonWildcardTLD(source, std::string(extensions::kExtensionScheme) + |
| 142 std::string(extensions::kExtensionScheme) + | 141 url::kStandardSchemeSeparator, |
| 143 url::kStandardSchemeSeparator, | |
| 144 false) || | 142 false) || |
| 145 StartsWithASCII(source, "chrome-extension-resource:", true)) { | 143 StartsWithASCII(source, "chrome-extension-resource:", true)) { |
| 146 is_secure_csp_token = true; | 144 is_secure_csp_token = true; |
| 147 } else if ((options & OPTIONS_ALLOW_UNSAFE_EVAL) && | 145 } else if ((options & OPTIONS_ALLOW_UNSAFE_EVAL) && |
| 148 source == "'unsafe-eval'") { | 146 source == "'unsafe-eval'") { |
| 149 is_secure_csp_token = true; | 147 is_secure_csp_token = true; |
| 150 } | 148 } |
| 151 | 149 |
| 152 if (is_secure_csp_token) { | 150 if (is_secure_csp_token) { |
| 153 sane_csp_parts->push_back(source); | 151 sane_csp_parts->push_back(source); |
| 202 int options, | 200 int options, |
| 203 const std::vector<std::string>& directives) { | 201 const std::vector<std::string>& directives) { |
| 204 if (!(options & OPTIONS_ALLOW_INSECURE_OBJECT_SRC)) | 202 if (!(options & OPTIONS_ALLOW_INSECURE_OBJECT_SRC)) |
| 205 return false; | 203 return false; |
| 206 | 204 |
| 207 for (size_t i = 0; i < directives.size(); ++i) { | 205 for (size_t i = 0; i < directives.size(); ++i) { |
| 208 const std::string& input = directives[i]; | 206 const std::string& input = directives[i]; |
| 209 base::StringTokenizer tokenizer(input, " \t\r\n"); | 207 base::StringTokenizer tokenizer(input, " \t\r\n"); |
| 210 if (!tokenizer.GetNext()) | 208 if (!tokenizer.GetNext()) |
| 211 continue; | 209 continue; |
| 212 if (!LowerCaseEqualsASCII(tokenizer.token(), kPluginTypes)) | 210 if (!base::LowerCaseEqualsASCII(tokenizer.token(), kPluginTypes)) |
| 213 continue; | 211 continue; |
| 214 while (tokenizer.GetNext()) { | 212 while (tokenizer.GetNext()) { |
| 215 if (!PluginTypeAllowed(tokenizer.token())) | 213 if (!PluginTypeAllowed(tokenizer.token())) |
| 216 return false; | 214 return false; |
| 217 } | 215 } |
| 218 // All listed plugin types are whitelisted. | 216 // All listed plugin types are whitelisted. |
| 219 return true; | 217 return true; |
| 220 } | 218 } |
| 221 // plugin-types not specified. | 219 // plugin-types not specified. |
| 222 return false; | 220 return false; |
| 339 } | 337 } |
| 340 } | 338 } |
| 341 } | 339 } |
| 342 | 340 |
| 343 return seen_sandbox; | 341 return seen_sandbox; |
| 344 } | 342 } |
| 345 | 343 |
| 346 } // namespace csp_validator | 344 } // namespace csp_validator |
| 347 | 345 |
| 348 } // namespace extensions | 346 } // namespace extensions |
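Review bot: The reformatted isNonWildcardTLD call at new lines 140-142 rebuilds `std::string(extensions::kExtensionScheme) + url::kStandardSchemeSeparator` on every pass of the `while (tokenizer->GetNext())` loop at line 125, i.e. once per source token of untrusted manifest input; hoisting it above the loop as `const std::string extension_prefix = std::string(extensions::kExtensionScheme) + url::kStandardSchemeSeparator;` and calling `isNonWildcardTLD(source, extension_prefix, false) ||` reads more clearly and drops the per-token allocation. Because line 127 lowercases `source` before the whitelist is consulted (assuming base::StringToLowerASCII works in place), the newly qualified `base::LowerCaseEqualsASCII(source, "blob:")` comparisons at lines 133-135 are equivalent to plain `source == "blob:"` and friends, as already written for `'self'` and `'none'` on line 131; mixing the two forms suggests a case-handling difference that does not exist, so picking one would make the whitelist easier to audit. The bare `true`/`false` trailing arguments at lines 136-143 would also benefit from an inline `/* param_name= */` comment taken from the callee declarations, which are outside this hunk. The enclosing function starts before this hunk (its signature is cut at line 121) and its body continues past line 151.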